ClawHub

Feishu DM Sender

v1.0.0

Proactively send messages to Feishu (Lark) users or group chats from your OpenClaw agent. Supports name-based lookup from DM contacts config, open_id, and ch...

0· 115·0 current·0 all-time
by黄耀武@lingzuer
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description promise (proactively send Feishu messages) aligns with the code and SKILL.md. The script implements tenant token retrieval and message sending to open.feishu.cn and supports contact-label lookup from the OpenClaw config as described.
Instruction Scope
SKILL.md instructions are scoped to configuring Feishu in openclaw.json, adding DM mappings, and running the included script. The runtime script only reads ~/.openclaw/openclaw.json and performs API calls to open.feishu.cn; it does not read other system files or transmit data to third-party endpoints.
Install Mechanism
No install spec; this is an instruction-only skill plus a small Python script that uses only the standard library. No downloads or archive extraction are performed.
Credentials
The script reads ~/.openclaw/openclaw.json to obtain the Feishu appId/appSecret and dms mapping. That access is proportionate to the stated purpose, but it does require the file to contain valid Feishu credentials — ensure the config does not contain other secrets you don't want accessed by a skill. The skill does not request unrelated environment variables.
Persistence & Privilege
The skill does not request always:true or any elevated platform privileges and does not modify other skills' configs. It runs on demand and only performs API calls to Feishu.
Assessment
This skill appears to do exactly what it claims: send messages via Feishu using credentials stored in ~/.openclaw/openclaw.json. Before installing, verify that the source is trusted (source is listed as unknown), confirm that your openclaw.json holds only the intended Feishu app credentials (and not other sensitive tokens), and make sure the Feishu appId/appSecret you supply are scoped appropriately for sending messages. If you are uncomfortable giving the skill access to your config file, review the script locally before installing; the code is short and uses only the standard library and the official open.feishu.cn API.

Like a lobster shell, security has layers — review code before you run it.

latestvk97082adhjgwzjpgyfga0xgc09834mce

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

✉️ Clawdis

Comments